Checks

Checks Description: A catalog of security checks that provide visibility into the preventative security posture of your applications and systems.

Enhance your visibility into the security posture of your applications and systems with a focus on preventative security measures. Reduce risk and prevent breaches with continuous monitoring of identity misconfiguration, stale access, and over privileging.

The Checks page gives a structured security view for IAM/IT and security teams of how your company complies with best-practice configuration recommendations (“checks”) relating to identity misconfiguration, stale access, and over privileging.

For example, the Enable MFA (Multi-factor Authentication) for All Users check shows the level of MFA enrollment within the organization.

Onboarding Process

The onboarding process involves a straightforward approach without the need for additional permissions. Start by updating check severities if necessary and disabling irrelevant checks.

To effectively engage with the posture page, begin by exploring the Application Overview page to identify the most vulnerable applications. Proceed to the posture page filtered by the specific application, review all failed checks, and address them individually based on their severities, categories or compliance frameworks.

Best Practices

  • Our recommendation is to have a posture score of at least 90% for each application

  • We recommend solving all high severity checks within a week, medium severity checks within two weeks, and low severity checks within a month.

  • Regularly monitor your connected applications' posture pages and posture scores to identify configuration drifts and degraded checks. We recommend to review once a week to detect any misconfigurations right away.

  • Engage your app owners in reviewing and addressing the identified misconfigurations.

To see the Checks page, choose Identity Posture > Checks from the main menu.

The Checks page shows these parts:

  • Overview: shows the company-wide posture-related data

  • Table: shows data specific to each check

Each row in the table represents a different check the platform runs. These checks are based on instances of applications that are integrated with the platform.

By default, the page is sorted by descending check severity. You can change the sort order by clicking a column heading.

The checks are divided into these categories to streamline management:

  • Authentication: mechanisms used to verify the identity of cloud service users, systems, or processes

  • Privileged access: management of access rights for cloud service users with elevated permissions

  • Stale access: management of outdated or unused access rights

  • Security baseline: base configurations of the application

  • Key management: management of keys

In addition to basic information about the check, the table shows the compliance frameworks relevant to each check, and how many entities failed the check ("affected entities").

The Checks side panel

The Checks side panel displays more details about the check and affected entities, which you can explore to remediate the issues.

To open the side panel, click a row in the table.

The Checks side panel shows more information about the check, including the security motivation for remediating the failed entities. You can also do the following:

  • Disable the check so it no longer runs. Some organizations are unable to follow the best-practice recommendations and they are willing to accept the risk of a misconfiguration. At the same time, they don't want their overall posture score to decrease. Disabling a check will affect the identity posture score.

  • Change the severity of the check. From the Affected Entities tab, you can view and manage the affected entities.

  • See why each specific entity failed the check and get a recommendation on how to fix that.

  • Exclude specific entities from being included in this check. This could change the status of the check; for example, if one excludes all the entities, the check will now pass.

  • From the Remediation Steps tab, you can view remediation steps.

To disable or change the severity of a check:

  1. Open a check’s side panel.

  2. To disable the check, click Disable.

  3. To change the severity of the check, select a severity from the drop-down.

To see and manage affected entities:

  1. Open the side panel to look for a check that is in failed status.

  2. All affected entities that are included are listed in the Affected Entities tab.

  3. To see more information about why a specific entity failed and how to fix it, click the drop-down next to the entity name.

  4. To exclude a specific entity from this check, click Exclude on that row.

  5. Excluded entities are moved to the Excluded list:

  6. To include an excluded entity, click Include.

  7. To see general remediation steps for this check, click Remediation Steps.